Publication
Generative AI
Artificial intelligence (AI) raises many intellectual property (IP) issues.
Global | Publication | September 2015
On September 22, 2015, the US Securities and Exchange Commission (SEC) announced that an investment advisor firm had agreed to settle allegations that it failed to adopt written cybersecurity policies and procedures reasonably designed to safeguard customer information.
The SEC enforcement action was prompted by an attack by an unknown intruder on the firm’s third-party-hosted web server, which resulted in the intruder gaining access rights and copy rights to personally identifiable information pertaining to over 100,000 individuals, including clients of the firm.
While the firm provided notice of the breach and offered free identity theft monitoring services to all affected individuals, took prompt remedial action to mitigate against the risk of future cyber threats, and there was no indication that any client suffered financial harm as a result of the attack, the SEC instituted administrative cease-and-desist proceedings, alleging the firm had failed for nearly a four-year period to adopt written policies and procedures reasonably designed to safeguard its clients’ personal information as required by the “Safeguards Rule.”
The Safeguards Rule under SEC Regulation S-P requires every investment advisor to adopt written policies and procedures to, among other things, protect against any anticipated threats or hazards to the security or integrity of customer records and information.
The SEC Order1 asserts that the firm failed to adopt reasonable written policies or procedures for protecting clients’ information, including:
The firm neither admitted nor denied those allegations, but agreed, among other things, to pay a civil monetary penalty in the amount of $75,000 to the SEC.
The SEC’s action demonstrates its willingness to:
The SEC Order further underscores the increasing focus of securities regulators on cybersecurity in relation to the integrity of the market system, client data protection, and disclosure of material information.
This enforcement proceeding is the latest, but not the sole illustration of US and Canadian securities regulators’ interest in cybersecurity. For example:
1 http://www.sec.gov/litigation/admin/2015/ia-4204.pdf
2 Marshall S. Sprung, Co-Chief of the SEC Enforcement Division’s Asset Management Unit, as quoted in SEC Press Release “SEC Charges investment Advisor With Failing to Adopt Proper Cybersecurity Policies and Procedures Prior to Breach” (September 22, 2015) http://www.sec.gov/news/pressrelease/2015-202.html
3 http://www.sec.gov/divisions/corpfin/guidance/cfguidance-topic2.htm
4 http://www.osc.gov.on.ca/en/SecuritiesLaw_csa_20130926_11-326_cyber-security.htm
5 See http://www.finra.org/industry/2015-cybersecurity-report and http://www.cftc.gov/idc/groups/public/@lrlettergeneral/documents/letter/14-21.pdf
6 See for example SEC Office of Compliance Inspections and Examinations, “OCIE’s 2015 Cybersecurity Examination Initiative” (September 15, 2015) http://www.sec.gov/ocie/announcement/ocie-2015-cybersecurity-examination-initiative.pdf
7 https://www.osc.gov.on.ca/en/NewsEvents_nr_20150602_jsot-hospital-privacy-breach.htm
Publication
Artificial intelligence (AI) raises many intellectual property (IP) issues.
Publication
The European Court of Human Rights (ECtHR or the Court) recently ruled in Verein KlimaSeniorinnen Schweiz & Ors v. Switzerland (Application No. 53600/20) that Switzerland had breached the European Convention of Human Rights (the Convention) by not taking sufficient action against climate change. In particular, it found a breach of the right to respect for private and family life contained in Article 8 of the Convention, based on Switzerland’s failure to mitigate the impact of climate change on the lives, health, well-being and quality of life of its citizens. It also ruled that Switzerland had breached the right to a fair trial in terms of Article 6, in that the domestic courts failed to examine the merits of the applicants’ complaints, including the scientific evidence. In this article we consider the key features of this landmark judgment, which has wide ramifications for Member States of the Convention.
Publication
We are delighted to announce that Al Hounsell, Director of Strategic Innovation & Legal Design based in our Toronto office, has been named 'Innovative Leader of the Year' at the International Legal Technology Association (ILTA) Awards.
Subscribe and stay up to date with the latest legal news, information and events . . .
© Norton Rose Fulbright LLP 2023